Sanders remarked that the topic of Certification would be discussed tomorrow (Thursday) and not today. He reminded the audience to state their names when speaking and that the session is webcasted. It is possible to ask questions and comment through Jabber.

Riccardo Losselli (E4A s.r.l ) commented that he does not see tracks of temporary assignments in a given time. It is useful if the police come and want to know in 24 hours who used that assignment. He also commented that they had bad experiences with some assignment: he thinks it is not so easy to stop people advertising temporary assignments after they are given back without the help of the upstream.

Nick stated that to his knowledge, all assignments are logged and asked Alex Le Heux (RIPE NCC) if it is correct.

Alex confirmed.

Nick continued saying that these logs are not public in the RIPE database. It would probably require a huge amount of software change. He also added that for the case of the end-user not stopping announcing the temporary addresses there are two answers: then RIPE NCC is not the police, they can only guarantee uniqueness in their registry and this case is like the highjacking of address space; however there are recommendations on how to use RPSL.

Randy Bush (IIJ) reminded that ARIN has available ‘who-was’ in addition to whois. He also commented with examples to remark that 6 months of temporary assignments are not enough.

Nick confirmed that 6 months might not be enough. However, these cases are considered a minority and after the first 6 months an easy renewal is possible.

David Meyer (CISCO Systems) reinforced what Randy said and stressed that easy renewal is very important.

Nick explained that alternatives will be considered in the proposal and confirmed that it is a very relevant point.

Wilfred Woeber (Univie-ACOnet) commented that we should think more about why arbiters, and not the IPRAs, are the first entities to consider the renewal. He preferred the IPRAs to work on it on a procedural basis in order to avoid to have the arbiters in conflicting positions. He added a point on the aspect of automatic de-registrations: the discussed timelines are not compatible with the timelines written downright in the proposal.

Nick thanked for the remarks and said that these are very good points.

Sander wrapped up the two points about avoiding one single organisation to claim the majority of the assignments and the timeline. He invited to continue the discussion on the mailing lists.

2010-02 - Allocations from the last /8

A new combined proposal from Philip Smith and Alain Bidron, just presented here, to be discussed on Thursday.

Niall O’Reilly (University College Dublin) commented with a proposed new state to call cache pending, for example, and that the proposal comes out from this state in two ways: one leading to the obvious natural going forward, the other putting back the process at the beginning.

Dave suggested to be cautious and would prefer to have a close look at this.

Wilfred commented that for the global policies we should not mess with regional policies and make use of what is agreed globally. He thought before that amending the procedure would not help much. He agreed with Niall on one point: we might want to think of fast track procedure especially when the global policy seems not to be completed in time and we want IANA to have it in place in a particular time in the future.

Address Policy Working Group: Session 2

Wed, 5 May 11:00-12:30

Sander opened the second session and presented the agenda. The ‘Report on The ITU’ is moved to the Cooperation Working Group meeting.

Kurtis Lindqvist commented that should be stated at the submission of the proposal that the rights are transmitted to RIPE NCC and the NCC owns the document. He added that he does not see the need of an authorship because the NCC does most of the work.

Hans Petter Hollen (Visma IT& Communications AS ) commented that some sort of credit to the proposer, like it was in the past, especially now that we have a better tracking of the PDP.

Kurtis wanted to specify that there is an importance in recognition but not too much in the work of policy development, so it is not relevant to go back to the author.

Filiz clarified that this is the reason why the first suggestion concerned only the policy documents. In other documents there may be more of a need for direct authorship.

Sander proposed to put the name of the WG of the proposal because, they do the main job.

Filiz specified that, if this is the suggestion, we will refer to RIPE at the top of the document although it cannot be the author because it is not an individual. We want to make sure that RIPE governs the document.

Wilfred agreed and made a procedural suggestion: to add a paragraph in the description of the PDP process so that at the starting of a new PDP the proposer is addressed to the documents on authorship he has to agree.

Nick commented that many Internet documents have authors. He thought that it is a good idea if the RIPE NCC had an assignment of copyright form which all authors would be required to sign before their document submissions are accepted.

Filiz thanked the WG for their input and stated that RIPE NCC will come up with a procedure as suggested.

Try to come up with consensus on what we think IPv6 PI should and should not be used for, and then start a PDP proposal to adjust the policy, if needed

A document was distributed on Tuesday highlighting the differences between IPv4 PI and IPv6 PI and the trends that have been observed

Data-center operators and their customers

The "IPv4 loophole" - Customer access links considered infra (and thus, single-address customers with NAT can be numbered from IPv4 PI, but not from IPv6 PI)

Kurtis asked if the difference in IPv6 policy was supposed to be a feature and not a bug.

Alex could not recall what were at the time the conditions for this to be a feature.

Kurtis commented that he recalled they wanted to use up the IPv4 address space.

Ruediger Volk (Deutsche Telekom) supported Kurtis’s concern. There are differences in systems, problems and circumstances. For IPv6 PI, this is restrictive.

Sander suggested some more discussion because he heard arguments on IPv6 from providers. He asked the audience if we prefer to use PI space for providers or prefer them to become an LIR?

Ruediger commented that it is not relevant to him. He asked if we had numbers on how many requests and problems we deal with.

Alex answered that the RIPE NCC has denied around 10% of the IPv6 PI requests for this particular reason, out of about a total of 160 PI requests. We do expect the number of requests for PI space for this kind of hosting or access users to go up. So far, he assumed that in 2010 we have made approximately 800 IPv4 assignments and two thirds of those would not be approved under the current IPv6 policy.

Ruediger commented that for small access providers does not make sense to discriminate.

Marco Hogewoning (XS4ALL) agreed with Kurtis. He said we had with IPv6 and its deployment and this must be solved. There should be feature parity in the two policies. What he saw is that by the size of the assignment it is easy to make sub-assignments and at that point people should use PA and not PI space. However, the policy should define exactly what an infrastructure assignment is. He asked if the community has intention to fix it.

Sander asked if the people who made the proposal have interests in fixing it. He wrapped up that the common feeling is to put the two policies on the same level.

Marco confirmed we’ve to be clear on what an infrastructure is. If a provider starts making sub allocation it should go for PA space.

Gert commented the two different kinds of denied requests: access provider and hosting providers. We need to be careful with the policy wording. He was concerned about the hosting providers and he suggested feedback to the last text he had sent to the mailing list.

Kurtis commented that he understood that the policy on IPv6 was supposed to be restrictive.

Gert recalled that the restrictions were to protect the routing table. If some content wants to go from v4 to v6 and the policy does not allow, we should amend it.

Jamie Stallwood (Imerja Limited) asked if there is a mechanism to convert from PA to PI.

Kurtis answered that it would mean to break the routing table. He added that at that point to become an LIR should be easy.

Gert commented that it is up to the community to make the decision.

Wilfred commented that he sees important structural elements regarding Internet governance. If we let service providers to have resources without being part of the group service providers and therefore not going for PA, he does not feel that it is the right message to send.

Gert described the scenario where PI is a viable approach and where not. He remarked that we’ve to decide if we want to draw the line on where it is more convenient to use PI or to become LIR.

Piotr Strzyzewski (Silesian University of Technology) commented that it is not fair to invite someone to change business when he cannot afford to become an LIR. Sometimes the PA space is not affordable. Secondly, v6 should be promoted. Many users will try to sneak out of the policies. It is important to make the policy very simple. If we make it complicated there will be always cases that are not covered.

Sander commented that there were different opinions.

The main question is where the border is for the two different situations. It is clear that PI is not reasonable for DSL providers. For the other issue the discussion will continue on the mailing list.

Gert agreed via Skype.

O. The need for a Registration Policy - Rob Blokzijl

Ruediger asked for clarification on the meaning of data held in the database to be complete and authoritative.

Rob answered that it has to be defined what is ‘authoritative’. There must be a quality statement for the database.

Ruediger asked if this mean that entries will have flag to display that some data are authoritative and some other just for the records.

Rob answered that we need to discuss and decide on that.

Daniel Karrenberg (RIPE NCC) recommended reading the document because it is a suggestion to make a registry that serves two purposes: first a comprehensive public recording of current address spaces the RIPE NCC is administratively responsible for; second, a comprehensive public recording of the current holders of the address space. The characteristics of the registry are three Cs: comprehensive, current and correct. He agreed with Rob that for the certification it is necessary to know exactly what it being certified. If we do not have a strong self-regulation and self-administration the whole industry becomes weaker.

Randy commented that keeping historical records could be useful. He explained how in the past at the formation of ARIN they committed to maintain the legacy data with no changes in policy.

Rob commented that the exercise is valuable and even more if all RIRs work on this with the same effort. It is possible to achieve a global well-maintained registry.

Bill Manning commented that what Rob called correctness ARIN calls accuracy. He added that maintaining this is a confirmation of the past commitments. He echoed Randy comment on the ‘who-was’ too. It is a work relevant for all the IPv4 pool.

Daniel commented that the NCC already has the ‘who-was’ and we should not make policies on this. The tool is at rex.ripe.net.

Niall applauded the initiative. It is timely and maybe overdue to think registration services apart from address distribution services.

Remco Van Mook (Equinix) commented that the registration policy is a valid idea. He also commented that people are eager to put certification on top of this.

Jamie commented that the registration policy can explain what the NCC wants to do for the depletion of IPv4 and how it can keep track of the transfers that are likely to happen.

Rob agreed and commented that transfers are not mentioned in the document. He hoped that the policy could make it easy and simple for people with the need to register the use of IPv4 space. The registration function should not be a stumbling block for transfers, issuing certificates and other applications.

Remco commented that the community should pay attention on what will come out of the registration policy. If this will be authoritative it’ll have legal implication and therefore a certification will be relevant.

Rob recommended reading the document to help the starting process for a policy proposal.

Wilfred said he fully supported the idea of the proposal 2008-07, however there will be the problem of conversion from legacies when an entity wants to become an LIR. It is an operational problem, not about policy.

Sander suggested to discuss on the mailing list one more time and if nobody reacts the Chairs will have to speak to the proposers to decide how to continue. He asked Gert if he wanted to add anything.

Rob clarified on the references to ‘Registration Policy’ in the presentation. He asked if by Address Policies Nigel meant Registration Policies.

Nigel confirmed.

Rob stated that in the future we would have registration and distribution policies.

Randy Bush agreed on points of the presentation.

Hans Petter asked what the difference is between getting a certificate issued for an address space and a certificate issued for a website. For the website, the problem is solved by pre-paying the certificate upfront.

Nigel answered that if you want to pay upfront, it is correct.

Geoff asked who the people we are talking about are. He commented that this is about relying parties, not about the subject. If people do not trust the information, there is no point in the certification. Furthermore, if the extending of the certification goes beyond the business relation RIPE makes declaration on subject over which RIPE has no knowledge. Some certificates will reflect exiting relationships and others will not, so he asked how to tell the difference. He made a comparison with the work of APNIC for the certification engine. He suggested changing the policy to reflect a ‘currency’ of agreement: RIPE is defining something true now and until the validity period of the certificate.

James Blessing (Garou Ltd), over Jabber, commented that you need to keep revocation with reclaiming.

Sascha Luck, over Jabber, asked which part of “the community does not want this” needs explaining again. He also commented that he would not have a problem if it stays voluntarily.

Stephen Kent (BBN Technologies) responded to Hans Petter that there are many reasons why not to use the same certificate given for website. These ranges of certification authorities preconfigured in browsers are not authoritative for the information on the website, they are given only because people pay. The third party certification authorities, since authoritative for nothing, have no constraints on what they can issue certificates for, whereas the RPKI model specifies the constraints.

Ruediger commented on Geoff ‘s comment. RPKI certificate are about delegation and they are there as form of business relationship. The membership does not really count. Relying party are interested if the certification proves that the NCC handed over the resources and they have not revoked them whatever the business relation is.

Samuel Weiler (Cobham) commented that he did not find merit in Geoff’s comment. There may be reason why you do not want to rely on certificates, still there is a value.

Randy reminded that APNIC has passed no address policy and not discussed anything in the APNIC policy framework. He compared with the study of certified routing as explained on Monday. Address policy is unclear and not completely understood.

Axel Pawlik (RIPE NCC) commented that he liked the discussion. It is a bottom-up policy development process. In the last years, the NCC had spent many resources improving the registry and proving it is a strong registry. There are number of people in the world who see in the RIRs as registry they can well depend on. He asked if the community really wants the certificates to be revoked on address re-assignment because we are not in line with this. If this will happen we can see to set of data not in synch.

Sascha Luck, over Jabber; commented it is less about the trusting but more on the influence on the NCC.

Daniel commented that some uncertainty has been cast. We spent quite a lot of energy on this and now we are throwing everything away for the routing security. If you trust the NCC and the community then you should accept the certification.

Hans Petter commented that we must understand what these certificates are used for. He wanted to use it for the routing policy to determine if he wants to accept a route or not. If the necessary information is already in the database, he said, he would prefer to check it in the database. Without expiration or revocation policies at all, he can build is routing policy on the type of certificate to accept. It is a matter of whether we want to outsource the trust in the routing policy to the community or do I want to build this myself? He added that we should think of several types of certificates: one when there is a valid business relationship, one when there is more trust, others to say only that the data are actually registered in the database for the valid duration. This can open for different types of services.

Ruediger agreed with Daniel and added that we must have pinned down clearly the different parts of the policies. The critical thing is not the high frequency allocation, it is how the many different cases are and reason for revocation.

Nigel asked to raise hands to answer two questions:

First: certification is issued and expires in relationship to RIPE NCC Membership.

Second question: revocation done at the forced reclaim time or re-issue time of Internet resource.

First answer: about equals.

Second answer: majority for forced reclaimed time.

Daniel asked who would agree on certification tied to registry and its policies.

Ruediger responded that without clarification of the reclamation policy he is not in favor of certification tied on the registry.

Daniel stated that the reclamation is clear. Uncertainty was cast today. We are weakening our own self-governance by having discussion like this.

Rob commented that the current policies are clear but not complete because they do not cover all the existing IPv4 address space. He hoped we come with a much more complete registration policy

Randy said that the problem is global. The registry data is not used for routing, in the vast majority of cases. He suggested that until we understand the mechanism clearly we should put the minimum barrier to the routing.

Daniel said that if this would be true we could just roll up the registry and it would be done.

Ruediger said that RIR and registry here are different. The usage is different. It has nothing to do with trust.

Randy commented that RIR and RIPE Registry are blended in this region.

Daniel commented that it is obvious that two registries in the same database do not make them the same registry.

Nigel said that he does not think we moved forward and suggested to shift to mailing list.

Hans Petter agreed that Nigel is right that if the other regions do not approve the common text it has to go back to the NRO. He read the ICANN definition of global policies and with the definition he commented that we need to focus on the required action from IANA. Then we can look into which part of the policy needs IANA intervention and which not in order to refine the proposal on the global aspects.

Nigel approved that it is a good alternative. He considers this the long way forward and wondered if otherwise it is not better to let IPv4 to run out.

John Curran (ARIN) commented that it is inevitable in the ARIN region that there will be space applicable to this policy. Without a good second portion of the policy IANA will have problem on how to handle space smaller than /8. The IANA will be hamstrung if nobody proposes a good policy. About the ARIN change on the policy, it is true that it was considered a local policy matter. It was considered the fact that unilateral returning space presumes that RIRs use the same framework. In ARIN region there is the concern that some regions can change their framework more quickly than others and therefore not to make a return makes sense and then leaves flexibility. If this region moves to the ARIN text, he encouraged to move to other regions to recommend to do the same. If instead the region stays with the RIPE text he encourage to go to ARIN and explain why.

Raul Echeberria (LACNIC) commented that as one of the proposer it would be good to finish the discussion on this proposal so to start the work on the new one. It does not matter if the return is mandatory or volunteer, it can be very bad for the global addressing community if large amount of addresses are returned from one RIR and given to some regions only. He did not agree that the address council is blocked on this issue because we are still in the discussion phase.

Wilfred wanted to echo the topics of Raul. The issue for the address council is to forward the global proposal accepted by all the regions and the task is to officially approve that the proper policy processes were followed. The catch is that if there were substantial differences in the regions on the wording then the policy should not even be forwarded to the address council. He encouraged the RIPE region to decide on whatever they want. As soon as the last region has decided, we can start the work. The longer we wait the more the chances that whatever we decide will be irrelevant and difficult to repair.

James Blessing (GAROU Ltd), from Jabber, asked ARIN if they can review and re-adapt the original text.

John answered that the original text got modified throughout the process. There was no motion to use the original text. The reasons to the changes remain. If the other RIRs approve the original text they will have to go to ARIN to re-discuss.

Hans Petter again stated that the discussion could continue now, or move the proposal to last call. If time is an issue, it is simple to take the way forward. Then the NRO will have to work on different texts of the global policy. At least this will move us forward.

Raul commented that it is not a big challenge to the NRO. If the discussion is finished, it is possible to have consensus on the agreement. If the RIPE region approves the proposal, we will have to go back to ARIN, otherwise we will have to work on a new proposal.

Remco van Mook (Equinix) reminded that consensus is built on the mailing list.

Sander reminded that many voices are here to support to move forward.

Dave asked what it is going to happen if, assuming that the policy is adopted globally, a region decides to adapt a local policy that conflicts with the local part of this global policy.

John answered that because of the MoU that creates the NRO and the agreement to have global policies, it is not proper form to create local policy on top of global policy. It is against the agreement to cooperate as per MoU, as per ARIN way to read it.

Sander suggested to move to the mailing lists.

Nigel noticed that on the mailing list there is consensus.

Y. Open Policy Hour

"The Open Policy Hour (OPH) is a showcase for your policy ideas. If you have a policy proposal you'd like to debut, prior to formally submitting it, here is your opportunity." (Idea from ARIN policy meeting)

The following subjects have already been raised:

Wording Cleanup regarding 80% rule for PA allocations - Gert Doering

Nina Bargisen (TDC A/S) commented that she supports the proposal. She said that it is a very good way to clear everything up.

Alex agreed with Gert and added that based on what was said in the meeting, and expressed on the mailing list it, is clear what is the interpretation to use of the policy and RS will use this interpretation as soon as they can.

The RIPE NCC uses cookies. Some of these cookies may have been set already. More information about our cookies can be found in our privacypolicy. You can accept our cookies either by clicking here or by continuing to use the site.